I built an agent to stress-test how UK SaaS handles SARs. Fed it my Starling bankI built an agent to stress-test how UK SaaS handles SARs. Fed it my Starling bank
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
I built an agent to stress-test how UK SaaS handles SARs.
Fed it my Starling bank transactions, cross-referenced Companies House, and drafted personalised Subject Access Requests under GDPR Article 15 for every UK data controller I've paid. 234 letters. One afternoon.
Each request tracks its own 30-day statutory clock. On day 31 the agent auto-generates the ICO complaint template.
The exposure gap this reveals for UK SaaS: • Any customer with an AI assistant can generate the same pipeline in an afternoon • Manual SAR handling averages £500-2,000 per request (compliance + legal + engineering time) • Missing the 30-day window: up to £17.5M or 4% of global revenue in fines
Of 234 sent: 12 companies replied within 24 hours with clean automated workflows. 3 offered settlements. Most had no system at all.
The gap between "we have a plan" and "we have an engine" is where the fine sits. If 100 SARs hit your inbox tomorrow, would your ops survive it?
Post image
Ayomide's avatar
Back to feed
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started